Cisco IOS XE Router RTR STIG

Cisco IOS XE Router RTR Security Technical Implementation Guide

| ID | Vuln ID | Title | Cat | Status |
|---|---|---|---|---|
| CISC-RT-000550 | V-216693 | The Cisco BGP router must be configured to reject route advertisements from CE routers with an originating AS in the AS_PATH attribute that does not belong to that customer. | Cat III | |
| CISC-RT-000370 | V-216675 | The Cisco perimeter router must be configured to have Cisco Discovery Protocol (CDP) disabled on all external interfaces. | Cat III | |
| CISC-RT-000790 | V-216717 | The Cisco multicast router must be configured to disable Protocol Independent Multicast (PIM) on all interfaces that are not required to support multicast routing. | Cat II | |
| CISC-RT-000480 | V-217000 | The Cisco BGP router must be configured to use a unique key for each autonomous system (AS) that it peers with. | Cat II | |
| CISC-RT-000880 | V-216726 | The Cisco multicast Designated Router (DR) must be configured to limit the number of mroute states resulting from Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Host Membership Reports. | Cat II | |
| CISC-RT-000750 | V-217001 | The Cisco PE router must be configured to ignore or drop all packets with any IP options. | Cat II | |
| CISC-RT-000670 | V-216705 | The Cisco PE router providing MPLS Virtual Private Wire Service (VPWS) must be configured to have the appropriate virtual circuit identification (VC ID) for each attachment circuit. | Cat I | |
| CISC-RT-000070 | V-216647 | The Cisco router must be configured to have all non-essential capabilities disabled. | Cat III | |
| CISC-RT-000840 | V-216722 | The Cisco multicast Rendezvous Point (RP) router must be configured to filter Protocol Independent Multicast (PIM) Join messages received from the Designated Router (DR) for any undesirable multicast groups. | Cat III | |
| CISC-RT-000410 | V-216679 | The Cisco out-of-band management (OOBM) gateway router must be configured to forward only authorized management traffic to the Network Operations Center (NOC). | Cat II | |
| CISC-RT-000830 | V-216721 | The Cisco multicast Rendezvous Point (RP) router must be configured to filter Protocol Independent Multicast (PIM) Register messages received from the Designated Router (DR) for any undesirable multicast groups and sources. | Cat III | |
| CISC-RT-000850 | V-216723 | The Cisco multicast Rendezvous Point (RP) must be configured to rate limit the number of Protocol Independent Multicast (PIM) Register messages. | Cat II | |
| CISC-RT-000870 | V-216725 | The Cisco multicast Designated Router (DR) must be configured to filter the Internet Group Management Protocol (IGMP) and Multicast Listener Discovery (MLD) Report messages to allow hosts to join a multicast group only from sources that have been approved by the organization. | Cat II | |
| CISC-RT-000393 | V-230051 | The Cisco perimeter router must be configured to drop IPv6 packets with a Routing Header type 0, 1, or 3–255. | Cat II | |
| CISC-RT-000280 | V-216666 | The Cisco perimeter router must be configured to protect an enclave connected to an alternate gateway by using an inbound filter that only permits packets with destination addresses within the site's address space. | Cat I | |
